Product
Introducing License Enforcement in Socket
Ensure open-source compliance with Socket’s License Enforcement Beta. Set up your License Policy and secure your software!
express-json-validator-middleware
Advanced tools
An Express middleware to validate requests against JSON Schemas
Express middleware for validating requests against JSON schemas with Ajv.
npm install express-json-validator-middleware
If you're upgrading from v2 to v3, make sure you read the migration notes.
import { Validator } from "express-json-validator-middleware";
/**
* Define a JSON schema.
*/
const addressSchema = {
type: "object",
required: ["street"],
properties: {
street: {
type: "string",
}
},
};
/**
* Initialize a `Validator` instance, optionally passing in
* an Ajv options object.
*
* @see https://github.com/ajv-validator/ajv/tree/v6#options
*/
const { validate } = new Validator();
/**
* The `validate` method accepts an object which maps request
* properties to the JSON schema you want them to be validated
* against e.g.
*
* { requestPropertyToValidate: jsonSchemaObject }
*
* Validate `request.body` against `addressSchema`.
*/
app.post("/address", validate({ body: addressSchema }), (request, response) => {
/**
* Route handler logic to run when `request.body` has been validated.
*/
response.send({});
});
Coming from express-jsonschema
? Read the migration notes.
If you're writing JSON schemas in TypeScript, you'll need to use the
AllowedSchema
type e.g.
import { AllowedSchema } from "express-json-validator-middleware";
const addressSchema: AllowedSchema = {
type: "object",
required: ["street"],
properties: {
street: {
type: "string",
}
},
};
This is required so TypeScript doesn't attempt to widen the types of values in the schema object. If you omit this type, TypeScript will raise an error.
See issues #39 and #102 for more background.
On encountering invalid data, the validator will call next()
with a
ValidationError
object. It is recommended to setup a general error handler
for your app where you handle ValidationError
errors.
Example - error thrown for the body
request property:
ValidationError {
name: "JsonSchemaValidationError",
validationErrors: {
body: [AjvError]
}
}
More information on Ajv errors.
import express from "express";
import { Validator, ValidationError } from "express-json-validator-middleware";
const app = express();
app.use(express.json());
const addressSchema = {
type: "object",
required: ["number", "street", "type"],
properties: {
number: {
type: "number",
},
street: {
type: "string",
},
type: {
type: "string",
enum: ["Street", "Avenue", "Boulevard"],
},
},
};
const { validate } = new Validator();
/**
* Validate `request.body` against `addressSchema`.
*/
app.post("/address", validate({ body: addressSchema }), (request, response) => {
/**
* Route handler logic to run when `request.body` has been validated.
*/
response.send({});
});
/**
* Error handler middleware for validation errors.
*/
app.use((error, request, response, next) => {
// Check the error is a validation error
if (error instanceof ValidationError) {
// Handle the error
response.status(400).send(error.validationErrors);
next();
} else {
// Pass error on if not a validation error
next(error);
}
});
app.listen(3000);
Sometimes your route may depend on the body
and query
both having a specific
format. In this example we use body
and query
but you can choose to validate
any request
properties you like. This example builds on the
Example Express application.
const tokenSchema = {
type: "object",
required: ["token"],
properties: {
token: {
type: "string",
minLength: 36,
maxLength: 36
},
},
};
app.post(
"/address",
validate({ body: addressSchema, query: tokenSchema }),
(request, response) => {
/**
* Route handler logic to run when `request.body` and
* `request.query` have both been validated.
*/
response.send({});
}
);
A valid request must now include a token URL query. Example valid URL:
/street/?uuid=af3996d0-0e8b-4165-ae97-fdc0823be417
Instead of passing in a schema object you can also pass in a function that will return a schema. It is useful if you need to generate or alter the schema based on the request object.
Example: Loading schema from a database (this example builds on the Example Express application):
function getSchemaFromDb() {
/**
* In a real application this would be making a database query.
*/
return Promise.resolve(addressSchema);
}
/**
* Middleware to set schema on the `request` object.
*/
async function loadSchema(request, response, next) {
try {
request.schema = await getSchemaFromDb();
next();
} catch (error) {
next(error);
}
}
/**
* Get schema set by the `loadSchema` middleware.
*/
function getSchema(request) {
return request.schema;
}
app.post(
"/address",
loadSchema,
validate({ body: getSchema }),
(request, response) => {
/**
* Route handler logic to run when `request.body` has been validated.
*/
response.send({});
}
);
The Ajv instance can be accessed via validator.ajv
.
import { Validator, ValidationError } from "express-json-validator-middleware";
const validator = new Validator();
// Ajv instance
validator.ajv;
Ajv must be configured before you call Validator.validate()
to add middleware
(e.g. if you need to define custom keywords.
v2.x releases of this library use Ajv v6. v3.x of this library uses Ajv v8.
Notable changes between Ajv v6 and v8:
For full details, read the Ajv migration guide: Changes from Ajv v6.12.6 to v8.0.0.
If you have any Ajv plugins as dependencies, update them to their newest versions. Older versions of Ajv plugins are less likely to be compatible with Ajv v8.
Tests are written using node-tap.
npm install
npm test
FAQs
An Express middleware to validate requests against JSON Schemas
The npm package express-json-validator-middleware receives a total of 15,995 weekly downloads. As such, express-json-validator-middleware popularity was classified as popular.
We found that express-json-validator-middleware demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Product
Ensure open-source compliance with Socket’s License Enforcement Beta. Set up your License Policy and secure your software!
Product
We're launching a new set of license analysis and compliance features for analyzing, managing, and complying with licenses across a range of supported languages and ecosystems.
Product
We're excited to introduce Socket Optimize, a powerful CLI command to secure open source dependencies with tested, optimized package overrides.